Control systems utilized in social infrastructures, such as electricity, railroads, waterworks, and gasworks, and automobiles are required to operate devices, such as valves and actuators, based on information from sensors to maintain preset pressures and temperatures. To implement these operations, it is necessary to periodically acquire information from sensors to check status and excise control as required. For this purpose, in a usual control system, processing is periodically performed; and processing performed in each device within the system has to be completed in one cycle. To be completed in one cycle without fail, the processing time of each processing is also required to be constant without varying depending on situations. Existing control systems built to meet these conditions greatly differ in cycle or free time in one cycle depending on the fields of application, such as electricity, railroads, waterworks, and automobiles. To add new processing, it is required to estimate a free time for each field of application and consider the details of processing that can be implemented.
Meanwhile, control systems conventionally utilize a dedicated OS or a dedicated protocol and are installed in isolation in an area inaccessible from such external networks as Internet. For this reason, it used to be believed that the conventional control systems are free from so-called malwares and cyberattacks including DoS attacks. However, cases where a general-purpose OS or a general-purpose protocol is adopted for cost reduction are being increased in number. Further, connection with an information system is increasingly accelerated for the enhancement of efficiency. In recent years, malwares targeted at control systems have been found. Therefore, also for control systems, as well as information systems, technologies have been enquired to detect infection of malware or the like and external unauthorized accesses.
To cope with these problems, various technologies are known. In one of these technologies, patterns (sources addresses destination addresses, protocols, etc.) of communication carried out within a control system and formats of data are listed in advance and any communication that does not match with such a pattern is detected as an unauthorized communication. (Refer to Patent Literature 1, for example.)
Technologies in which authentication data is appended to communication packets and a communication packet having no correct authentication data is identified as an unauthorized communication packet are known. (Refer to Non-patent Literature 1, for example.)